• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

I need help to set up CF to work with MS SQL Always Encrypted columns

Explorer ,
Jan 22, 2021 Jan 22, 2021

Copy link to clipboard

Copied

Hi,

I enabled encryption on a varchar column in database MS SQL 2019. Now, CF application is generating an error ByteArray objects cannot be converted to strings. 

 

How to enable or register encryption for this database in the CF 2016 server?

Thank you in advance,

TOPICS
Database access , Server administration

Views

466

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jan 26, 2021 Jan 26, 2021

Copy link to clipboard

Copied

I went with this guide below to enable Always Encryted and configuration of data source in CF Administrator.

https://community.hostek.com/t/sql-server-always-encrypted-columns/315#heading--ColdFusion

 

But, I stack on the paragraph under the heading 

Using Always Encrypted Columns with ColdFusion

....

You must also ensure that the ColdFusion service account has access to the private key. This service usually runs under the ‘cfusion’ user so you will want to give read permissions for that user to the private key of the ‘Column Master Key’.

 

Do I need to create a standard user and login as that user and assign to the service ColdFusion 2016 Application Server? Does this service is reffered here as a "cfusion"?

Then, how would I give that user read permissions for the private key of the ‘Column Master Key’? Is that running certlm?

 

Any help would be greatly appreciated.

Thanks

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jan 26, 2021 Jan 26, 2021

Copy link to clipboard

Copied

LATEST

On Windows, it's considered a best practice to create a specific user account with minimal permissions, instead of running CF as "Local Service". You can read about this in the various CF lockdown guides. Once you do this, you can assign permissions to this user explicitly, give the user read permissions for database private keys, whatever you want.

 

Dave Watts, Eidolon LLC

Dave Watts, Eidolon LLC

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation